Symantec Experiences Its Own Security Incident

Symantec may not be concerned about the much-discussed Conficker virus, but the company is now dealing with an incident involving its own data security.

AFP/Getty Images

A ’90s-era photo of software engineers at Symantec’s Anti-Virus Research Center complex in Santa Monica, Calif.

Two weeks ago, the BBC published an investigative report in which reporters, working with an India-based middleman, bought credit-card information obtained from a Symantec call center.

Cris Paden, a spokesman for the Cupertino, Calif., security-software firm, said it sent warning letters to the slightly more than 200 customers affected by the theft. It began an internal investigation immediately after being notified by the BBC.

“We believe this was an isolated incident,” Mr. Paden said, “but as the investigation continues, we will promptly notify any additional customers affected by the situation and will take appropriate action to protect their interests.”

In a letter to New Hampshire’s attorney general, Symantec said, “We have no evidence that the credit card information of any United States resident was actually compromised.” Mr. Paden added that to his knowledge, none of the stolen credit cards were used before their owners canceled them.